30ebe15d37c18d6c19258fa547476899148f6838acc69886b34f3d42cc3d1055

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
26/04/2024, 02:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

30ebe15d37c18d6c19258fa547476899148f6838acc69886b34f3d42cc3d1055.exe
Size

1.8MB
MD5

5bf4922bc890a31eeab4a02f9fcb0a6a
SHA1

09818a8377fd94f850a7a70b0b3afacbe803175f
SHA256

30ebe15d37c18d6c19258fa547476899148f6838acc69886b34f3d42cc3d1055
SHA512

9968b0a3dad292267e27cc5997d11e173d1266ffdb792045641aa0401361f55b2274ccc5f66ed524ebd49e8e72982540d306aa8eed4e3b5313e3e40d407243b8
SSDEEP

49152:GM9QPdxwfE7WlFwKAfzuTiDFUFkYgDUYmvFur31yAipQCtXxc0H:G1PdVQFwKZCFgaU7dG1yfpVBlH

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 21 IoCs

pid	Process
748	alg.exe
2084	DiagnosticsHub.StandardCollector.Service.exe
4612	fxssvc.exe
4480	elevation_service.exe
4784	elevation_service.exe
976	maintenanceservice.exe
2312	msdtc.exe
2648	OSE.EXE
4496	PerceptionSimulationService.exe
2260	perfhost.exe
2016	locator.exe
888	SensorDataService.exe
4844	snmptrap.exe
4440	spectrum.exe
612	ssh-agent.exe
2456	TieringEngineService.exe
916	AgentService.exe
3184	vds.exe
2020	vssvc.exe
4512	wbengine.exe
2664	WmiApSrv.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 36 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\AppVClient.exe	alg.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\msiexec.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	30ebe15d37c18d6c19258fa547476899148f6838acc69886b34f3d42cc3d1055.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	30ebe15d37c18d6c19258fa547476899148f6838acc69886b34f3d42cc3d1055.exe
File opened for modification	C:\Windows\system32\wbem\WmiApSrv.exe	30ebe15d37c18d6c19258fa547476899148f6838acc69886b34f3d42cc3d1055.exe
File opened for modification	C:\Windows\system32\dllhost.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\System32\alg.exe	30ebe15d37c18d6c19258fa547476899148f6838acc69886b34f3d42cc3d1055.exe
File opened for modification	C:\Windows\system32\locator.exe	30ebe15d37c18d6c19258fa547476899148f6838acc69886b34f3d42cc3d1055.exe
File opened for modification	C:\Windows\System32\vds.exe	30ebe15d37c18d6c19258fa547476899148f6838acc69886b34f3d42cc3d1055.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	30ebe15d37c18d6c19258fa547476899148f6838acc69886b34f3d42cc3d1055.exe
File opened for modification	C:\Windows\system32\spectrum.exe	30ebe15d37c18d6c19258fa547476899148f6838acc69886b34f3d42cc3d1055.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	alg.exe
File opened for modification	C:\Windows\system32\AgentService.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\System32\msdtc.exe	30ebe15d37c18d6c19258fa547476899148f6838acc69886b34f3d42cc3d1055.exe
File opened for modification	C:\Windows\SysWow64\perfhost.exe	30ebe15d37c18d6c19258fa547476899148f6838acc69886b34f3d42cc3d1055.exe
File opened for modification	C:\Windows\system32\AgentService.exe	30ebe15d37c18d6c19258fa547476899148f6838acc69886b34f3d42cc3d1055.exe
File opened for modification	C:\Windows\system32\wbengine.exe	30ebe15d37c18d6c19258fa547476899148f6838acc69886b34f3d42cc3d1055.exe
File opened for modification	C:\Windows\system32\dllhost.exe	alg.exe
File opened for modification	C:\Windows\system32\msiexec.exe	alg.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\System32\OpenSSH\ssh-agent.exe	30ebe15d37c18d6c19258fa547476899148f6838acc69886b34f3d42cc3d1055.exe
File opened for modification	C:\Windows\system32\TieringEngineService.exe	30ebe15d37c18d6c19258fa547476899148f6838acc69886b34f3d42cc3d1055.exe
File opened for modification	C:\Windows\system32\vssvc.exe	30ebe15d37c18d6c19258fa547476899148f6838acc69886b34f3d42cc3d1055.exe
File opened for modification	C:\Windows\system32\msiexec.exe	30ebe15d37c18d6c19258fa547476899148f6838acc69886b34f3d42cc3d1055.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	alg.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\7e3bb68b7d34635.bin	alg.exe
File opened for modification	C:\Windows\system32\dllhost.exe	30ebe15d37c18d6c19258fa547476899148f6838acc69886b34f3d42cc3d1055.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	30ebe15d37c18d6c19258fa547476899148f6838acc69886b34f3d42cc3d1055.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\system32\AgentService.exe	alg.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	30ebe15d37c18d6c19258fa547476899148f6838acc69886b34f3d42cc3d1055.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	30ebe15d37c18d6c19258fa547476899148f6838acc69886b34f3d42cc3d1055.exe
File opened for modification	C:\Windows\System32\snmptrap.exe	30ebe15d37c18d6c19258fa547476899148f6838acc69886b34f3d42cc3d1055.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jabswitch.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\maintenanceservice.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUM3875.tmp\goopdateres_th.dll	30ebe15d37c18d6c19258fa547476899148f6838acc69886b34f3d42cc3d1055.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\pack200.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM3875.tmp\goopdateres_hr.dll	30ebe15d37c18d6c19258fa547476899148f6838acc69886b34f3d42cc3d1055.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsimport.exe	alg.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javaws.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdate.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmic.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM3875.tmp\goopdateres_uk.dll	30ebe15d37c18d6c19258fa547476899148f6838acc69886b34f3d42cc3d1055.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jconsole.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\crashreporter.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Internet Explorer\ieinstal.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\110.0.5481.104\notification_helper.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\policytool.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\private_browsing.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUM3875.tmp\goopdateres_ru.dll	30ebe15d37c18d6c19258fa547476899148f6838acc69886b34f3d42cc3d1055.exe
File created	C:\Program Files (x86)\Google\Temp\GUM3875.tmp\goopdateres_vi.dll	30ebe15d37c18d6c19258fa547476899148f6838acc69886b34f3d42cc3d1055.exe
File created	C:\Program Files (x86)\Google\Temp\GUM3875.tmp\GoogleCrashHandler.exe	30ebe15d37c18d6c19258fa547476899148f6838acc69886b34f3d42cc3d1055.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaws.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUM3875.tmp\goopdateres_ro.dll	30ebe15d37c18d6c19258fa547476899148f6838acc69886b34f3d42cc3d1055.exe
File opened for modification	C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\ExtExport.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\keytool.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\maintenanceservice.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmid.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\idlj.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\dotnet\dotnet.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\110.0.5481.104\chrome_installer.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM3875.tmp\goopdateres_ur.dll	30ebe15d37c18d6c19258fa547476899148f6838acc69886b34f3d42cc3d1055.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javaws.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM3875.tmp\goopdateres_pt-BR.dll	30ebe15d37c18d6c19258fa547476899148f6838acc69886b34f3d42cc3d1055.exe
File created	C:\Program Files (x86)\Google\Temp\GUM3875.tmp\goopdateres_es.dll	30ebe15d37c18d6c19258fa547476899148f6838acc69886b34f3d42cc3d1055.exe
File opened for modification	C:\Program Files\Internet Explorer\iexplore.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\keytool.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Google\Temp\GUM3875.tmp\GoogleUpdate.exe	30ebe15d37c18d6c19258fa547476899148f6838acc69886b34f3d42cc3d1055.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe	alg.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	30ebe15d37c18d6c19258fa547476899148f6838acc69886b34f3d42cc3d1055.exe
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	alg.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	DiagnosticsHub.StandardCollector.Service.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SensorDataService.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	TieringEngineService.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	TieringEngineService.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1133 = "Print"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
2084	DiagnosticsHub.StandardCollector.Service.exe
2084	DiagnosticsHub.StandardCollector.Service.exe
2084	DiagnosticsHub.StandardCollector.Service.exe
2084	DiagnosticsHub.StandardCollector.Service.exe
2084	DiagnosticsHub.StandardCollector.Service.exe
2084	DiagnosticsHub.StandardCollector.Service.exe
2084	DiagnosticsHub.StandardCollector.Service.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
660	Process not Found
660	Process not Found

Suspicious use of AdjustPrivilegeToken 15 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	4164	30ebe15d37c18d6c19258fa547476899148f6838acc69886b34f3d42cc3d1055.exe
Token: SeAuditPrivilege	4612	fxssvc.exe
Token: SeRestorePrivilege	2456	TieringEngineService.exe
Token: SeManageVolumePrivilege	2456	TieringEngineService.exe
Token: SeAssignPrimaryTokenPrivilege	916	AgentService.exe
Token: SeBackupPrivilege	2020	vssvc.exe
Token: SeRestorePrivilege	2020	vssvc.exe
Token: SeAuditPrivilege	2020	vssvc.exe
Token: SeBackupPrivilege	4512	wbengine.exe
Token: SeRestorePrivilege	4512	wbengine.exe
Token: SeSecurityPrivilege	4512	wbengine.exe
Token: SeDebugPrivilege	748	alg.exe
Token: SeDebugPrivilege	748	alg.exe
Token: SeDebugPrivilege	748	alg.exe
Token: SeDebugPrivilege	2084	DiagnosticsHub.StandardCollector.Service.exe

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\30ebe15d37c18d6c19258fa547476899148f6838acc69886b34f3d42cc3d1055.exe
"C:\Users\Admin\AppData\Local\Temp\30ebe15d37c18d6c19258fa547476899148f6838acc69886b34f3d42cc3d1055.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:4164

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:748

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2084

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:2380

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:4612

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:4480

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:4784

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
PID:976

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:2312

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:2648

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:4496

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:2260

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:2016

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:888

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
- Executes dropped EXE
PID:4844

C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:4440

C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
1⤵
- Executes dropped EXE
PID:612

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
1⤵
PID:4952

C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\TieringEngineService.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:2456

C:\Windows\system32\AgentService.exe
C:\Windows\system32\AgentService.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:916

C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
1⤵
- Executes dropped EXE
PID:3184

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2020

C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4512

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
- Executes dropped EXE
PID:2664

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

Filesize
2.1MB

MD5
f93ef887976b833fd4526aa540355d72

SHA1
555627d97bf649e7bfee98482b07a01304f26da4

SHA256
89f3dd79eaad0800a7621c0f1517095d38a4825ef201b586bcd1587b9bea4d4b

SHA512
4a77bb645b4ec8588d2964d2c2c97cb156d3a1de45798406c3352911e13b7adc9aa7425a356bec874d4f3dd373fb393d8fe59081b3af1dd96f630eb8433a2360

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
1.7MB

MD5
54c35517b0b0b71c6e6f483c0f0b5b02

SHA1
ae18edf372f4ecd233947bb7344727f12c22f53b

SHA256
34e50f7ad9564ed409c99bca42a23761930a1c3b71ebb1d3bbc77e0e68b0b58f

SHA512
bf10b8e2d3decb0e4bd1fffd67807185fb681fe553337f3dddf77f844ee52326ee29a18c84023bec3d9f8b22177861cf3702838b03075188fd78945f1c3db41d

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
2.0MB

MD5
55aeae2eb3a35572d7736b934afd4f16

SHA1
59d307b6d6266b2899021429811f50410caded89

SHA256
ca3a696c6b00cf70ca767c2e254383ef6cbe6b2569f412d642825cade46c04a1

SHA512
268c355c058abf887930953784d720afab507547430b465eef28f97bf9ddc0b2a5fc4217e9798e195076f395a9a31bf0f41c9a2695304a1d6a65bf1a61bc675a

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
1.5MB

MD5
2314e33b08f29bc51acef96206380662

SHA1
882c806790857b849e7f04ea530f804ba1e0e5e3

SHA256
593697c0021a6954b43b452e6b08367ecfb63b39ae0aa92be37cc32a0d1d5624

SHA512
86d5af435901eed0019a526fa39581d1f71b73ab158bd6a81095b799f741fc14f5a6ed4ab0135c2c987820c84a76772424c0bc3b94ecef1add87d72167359557

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
1.2MB

MD5
026f12a8221cd6e70250eb98c02ae75d

SHA1
ff14d1fe63eea095ceda1c1c8b1d55b37f472688

SHA256
c06a0af5b94e7b652fea728c802ec0e459b33b91ab39dcc6ccac2949e3970ec6

SHA512
b85bc35da9a2c465dd8123c4fc02bbf05ceacf2668af0e475f13ac1ca360fd0bac8df38579487961a75798338bb0e22cea02360d3dd99a8f1526c24a391919b3

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
1.4MB

MD5
60f7bf6c698354349350559fe697e8de

SHA1
30d85d37863228aac533877a3eed689ce79c5ac2

SHA256
6a26fe3365e6d2eb4eca843af96324a0962deab0b1833d6347b5b418da58c146

SHA512
38f075db1d57cc27f403c9ab0b65b8c6a56a356c8454bf5b51ce95f8fae6fc2f73429ad0e61e822bb5271a2bc9cca691579a3ccfba02c34242fab0176b854b7f

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
1.7MB

MD5
45c19a33350e5ab574fa4af6277b2898

SHA1
9336cd836b0ed84fec2f7d63d02316afdaf5ae00

SHA256
173c1d4b5893719e4d75b2431a67dd5b57c9af3e4aade59d7e471b2b8b22fc08

SHA512
38448f5853bd64d0d0fc2c2b00c4072a571904993462c1663a4771e2965180264d3bf3d62d1d5a409fdd447f6141f336ff26122eeed97bc01e931d52c7d14877

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.6MB

MD5
bb25c0e2fba73f0cdbf996f7fbe2f617

SHA1
9c299ac3bd1eb94b0207e7c27afd8b18619e10bc

SHA256
6b441e70f0948f3c122079533260ff4229b9e99793b0df8a307be32005025854

SHA512
a57ca54778ce408afc2addfddcecbc18e059a1bc170d0e1fc56edc4b6dc884d4c630fec3fc689b50efd34a9e52b85f8c05b15136ad9df441cc44f9f5ae2a4155

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

Filesize
1.8MB

MD5
a512aa1ece8acac18cc15f7d13bfe9c4

SHA1
03b9f5e9ff1bcd14d9d8a5553ce72939e1c7dfb9

SHA256
f5df306bdae75dea58add948fbd7ea45f5fbe25f21b315f64419275cee8923e8

SHA512
4d666403b0ee170c54678f88ecda9d31aff7a4f40a96ee31fbbc8ea549d6c7b94df710b775a452bf71c4fc6d8157958732875fcba9c4c0119c7792553acbed7e

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Filesize
24.0MB

MD5
0057f824eca62d2a07f44dd6202892a8

SHA1
d5930ed9d9f21919f121c2e7abe7fba5e4c91625

SHA256
18fabe2d5df175dffd77b1ba89a99d2c779526dc10e1b6f5871c5932c6f02fe7

SHA512
51a24d0cf27c2489f8b8829201b35d86389f1d548f6d853ac6ba90924b62d21c102d0a26c58d02dc4de52caa784bc9edc39db561afffb5c423c9d72673b20798

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
2.7MB

MD5
fcd7c4be5af5c15a332199fe0a691a3a

SHA1
f5427c927d4d066098ef58a077eec36df42fc85b

SHA256
2aaf40c082ddc3d96eb00f6376f9a11bd1f05766c6ec216f7e03e1d258676e53

SHA512
e57736c16841260415fb2124aaa51993bcb5955e63283adeded7619dee0d6a8b574523b77832638a31f9c9ea0525a86d97dd18ee96a93a31d9721bbfcf30ea06

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

Filesize
1.1MB

MD5
3f9951c97846aecd028f2c2ca7f1df39

SHA1
bfcf74040e270a8b3a95ccc083c3c28c0fda2c1e

SHA256
82cdab3c9a5fb3c1c3c4655b4edc1564e3fc083d09d98d47e5a5d1b2090926dc

SHA512
457a4821f26cadced041c0045f4943edb518613d1dbb9916cbc83e64ab359c9b5d33cb630caf02c3f46dd882c6e1fd222627bff01c7d4aa9e62828d563b539d9

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
1.7MB

MD5
2c1f61f6521b24a853d2de086bfac35d

SHA1
5d0af90bcb4002a41626ca9c677675bb6777441a

SHA256
3798ba0559a015de294cd509b7683cbbd8a17decef4c740000494bbfb43dbaf4

SHA512
d5c4fba8d5c63fda47e0fcbeb35bcb1da636f81b74cbf99efd9a327d2a29657aa381a099ae1f12585be2a885cb8814445242c2946099bbd2e33eb138176829bd

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

Filesize
1.5MB

MD5
35cb359103ca88c7022220e239a7ac03

SHA1
4a0af8e6f1428bc5851d540c806559fde1f31d38

SHA256
5111735e6d19324e6f9fdb280ce41f41d74c095f4d8a9bce9da23b08b79c20dc

SHA512
eb8fe868ac62479b76f61ae8ec4abda065ded780c8b5f8fd2e3ce4c78e7b70e4955fbf4c3f6f1382b2dba75c16fef031b41b99dd56ddc73c07520af42ab78ce6

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe

Filesize
5.4MB

MD5
0bc94bc0b71a6c074628e2bc18e3b536

SHA1
fe1ae65219e79864d4c66baf1e71eb5dac616310

SHA256
9492387a58527f39239aadbe5e168bbc680694f2e46ceefa12554a5c3a9a7289

SHA512
86ebbdff3e68a9ce522a26b211f08704d8d7516a74c3abf982e5927653fa690d8fea01cba2000e53521305677873b1520b4bbc979b570bb434d2d6ce42d430ab

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

Filesize
5.4MB

MD5
d7e166eebd909aa458d4acd3d7487b3c

SHA1
6c1872fd13396119925cc64bebb0308badc80ef0

SHA256
83e46ea6eaeff74b2431467d2177dc32c96a729d3fd9a6d69d3411961432d8ec

SHA512
073c09298f3015fce5aecd1c3c3e51f1da76fcf0e399e54b14afde7fb913f37b5884b5727a76844c0a7d57faad4e7dbefdaca66d1c33dc352ee4dd4984dcf49e

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe

Filesize
2.0MB

MD5
a7c6d59e11cf80627bdd9382041abb8f

SHA1
6280c2f88ad8e6bc1179dab305d9f9ddcf6d35a5

SHA256
17aac0f5e24b0b27b256e3993c53e4ad19ada51ec0c33ca8c238a76d690ee3fc

SHA512
8e446b629febd7343d8d841acb337909d678bf471f05db05ecd31883e44e3fe76bbd55cc5a3a224319d1abb804d00d74c9b83e89f408dd5e17aa58c0249b59c8

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

Filesize
2.2MB

MD5
801d121726fc6f206748adaf13896865

SHA1
ff901ead19a4ed694111bc5c751f9d04fb90c18a

SHA256
c330c5e3e47823a6245189cfd098d1e392775aa81371fe41272e30d370c3d817

SHA512
29a552a655f5dc7304766222d32d30cb7874e09bcc23838d5a5f3c7828679728ba87f268fde486e69b145c2092981447f09220ec5ce93fbcd0b000b011e0d0bf

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\notification_helper.exe

Filesize
1.8MB

MD5
a80690c54d05dad575035ee0f10f1cd7

SHA1
30fc528acd4991396b9b0271f8a11db54e7b4914

SHA256
add274b2822b5c023c83e4cab907fa6c055e77b52c3fddd4e6b3f7ee2ca5ccbf

SHA512
a55c5b383a4ee09db7fa4a1155be38df81a798198e80675f191542dbe7cbbed20e916cce932d09fe87ca9646b97fc3a1608bc5d22a9f9ab243f0a4a4fb696ba4

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
1.7MB

MD5
3151ed689ace33b521aab6d887b32af0

SHA1
d8853d64fa2c42167e2d24ee379dd0d97007968f

SHA256
af97b60c7291b31479bdb715d7448d30430be2e5de4943f5c64205b4e548be0c

SHA512
51fae7211e88d68d64d69d5419a5cf8ef366df70db50f0c6b77efb5651fab9308a0c4cdeb15e21c72cb654ca59d22acccc29a1e04b46277cfdae3e2bbcd714c6

Download Submit
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

Filesize
1.4MB

MD5
66f3803782309140eeaa1341195ad874

SHA1
0116ae1dc4c125253ec998b32cd2c20b95bf3c7a

SHA256
602bbafff9cf8fe14bb8d475cf94465904c39bedb5fac01630bd5ddafdb8aedb

SHA512
a348005f3a25be9b48814631697d09c486857e8d47e27259d33dedae61b4710990b30200d48e77cc938897475a0cd634e3c77c873d8841783d717ebfb8be328f

Download Submit
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

Filesize
1.4MB

MD5
ce3b2d008277250f983b170c5a2286a8

SHA1
181ac84b7316eb6d4e6384c0a7786c352edb5ecf

SHA256
fea65de322e05e6bc93b3e68fc779116d110b93c8455a72875831370c99cec18

SHA512
c29855411fab464fc99401884dfa5025abc5ee42587f8a9ea3975244ff4b69cb7de71072387497aa9079dd1a0c3ce399e7e8129194ae3aea6195877f29f57ac2

Download Submit
C:\Program Files\Java\jdk-1.8\bin\idlj.exe

Filesize
1.4MB

MD5
477544b1a57aad28d32bc8870e07527b

SHA1
2eff43c18cd1cb640b27190592119f2e453d8672

SHA256
7224ec0f724e0957ef4906113734eec87116d4521f8e2043c4bc599ff575fafa

SHA512
378558f0dc42d7d89da3d2042177ce7d9c2dbfc58db4033a9a33f880a34a30df2d2962118d81b6bf1cd8980b8405d6c858faaf0cd0e813f72d88bf14278dba47

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

Filesize
1.5MB

MD5
6a2871e751de227e6448193327104656

SHA1
a9166c87a7ff74423a2e26ff9ccc9c1efe858399

SHA256
fefb754459b402a19ee4f7c06879f62a153074a12a7665df9b44c2ffe95868c3

SHA512
40c809fd2d31089e8e5cc84328f1648847d78e260fcfa933f9fbd3703c000d8f0918cb64ce392a6501d73c560b609b9b84f29c38c1980dba4258002a6416e712

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jar.exe

Filesize
1.4MB

MD5
05d140e75cba883d59f200c9510b8007

SHA1
2a04c41d317a8cdca1c4b66996f0b4d3e6175b34

SHA256
69209d98ae59678f1db61c332f581eabe6f8666965cd7efe93fe912dc040c4c5

SHA512
e4363af5c46c58edc354305f21b45d89cb5060e189d9d4d3a6aa50f99bb5590b9a4184665b0e747298d10a3d66e8d5bd88a4ce77d76bae17f981bbbe714b523b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

Filesize
1.4MB

MD5
418b605fbf68bf53ae5f886281ef33ab

SHA1
9608d5f1060ddc955ecf4921e883b3b421108be5

SHA256
92b909931ec35e6b926ca55a6ee7a83f5a671e0f9ddf075f212060a25e3a8e9e

SHA512
04369708fb8949eb00c3d13044b0badfcc8ed2015a54e58759ef0e54f7fd3ad99b4403f35638cd9498b99364a799cb74ec835f806dec0271395377d0f862216b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

Filesize
1.4MB

MD5
78a8dbb0a2cab5744c5c5747d5675db0

SHA1
957f22b5c48bc355bc74aaaad1a440b47fbced71

SHA256
300c25a3ffea9f00b4967d3d200d6fb3c5be772bd1d41154bffef6bb47763bb7

SHA512
92a2e7e65ee58c3bde07ac2f18ea74ce4718fc63f1cea41b7f4eb370712705281d21ab16cdc58ef3a1b92719a14e3707de0d6121554aea97d63ba41ec02817b3

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe

Filesize
1.7MB

MD5
1185220a673b4638f4744da0819373ac

SHA1
63067eab69c2026451c89cad8315e2afc923b835

SHA256
c2e8f886e4e9023e837fe8b727ae2ae7489371a5e2ee0ded65b35972dab6ba55

SHA512
8f2bb26c4f98501871eb69430442bda50754c1aa0b317cf8f656b47ea5644436cec483fbd82c38e3d5fd18dd5dbe80bc7baff51b410ee963c6c44ab6e82fa8c2

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javac.exe

Filesize
1.4MB

MD5
7d106b4c25669044de65411a86d3382a

SHA1
27a0c1af8b576ac3eb52044b9dbbe54d389c92f1

SHA256
07d384e5713f0af23c73d5e68147841902fb8b59c620f862f279f5cdcb4a4e0e

SHA512
4068d3ed79edc3816facb9f0ead6f45fc3f7c52830b1b9cb6e1fef957da172c0dd3a734c19cdb9c02d4233c8d68382ad3d34986a59a5a9528bb15f65536ab960

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

Filesize
1.4MB

MD5
1aadba0f09909e42b7f1518c1708f7e3

SHA1
86d0f5064ec0cefcf3f8e23f338a2d7d0cb4c5db

SHA256
763a0fac8be79ecb049329369d399498bff79e1bc743c94067af46c52d445b86

SHA512
316454591ba9379fee696525ec9c24b3ffbc5f5f6d286856435522c5a9728a024647ed2b67ebd7aeb1ddc233860b9f02517282cf969f0cc34c14532e23c3062c

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

Filesize
1.6MB

MD5
e0c821c0dbdca5323045ea0acca81ae3

SHA1
49f74d710cb545ddf5f1d1649cd77c08e3346ead

SHA256
c77c4cd12b9e81e390ff76baf849cf2c7a0354d90df183d644cf03e0dc5a7d98

SHA512
3aeafa119d246cbb634dcbcd545bde51b8b1ca80bcf312e508e6973a156fade10fee74348c90e0c2d224f2e385b891dee131428368bcbf26252f5b67cc7712ca

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javah.exe

Filesize
1.4MB

MD5
533c295b0bf41ec09d1d65e52d48658d

SHA1
da0fc8b4e3df609959c1b2dde6ed8d3e87b0b434

SHA256
1525e375be76e54635b227cb10d5e54b88a005461b49449c5e5b1b69697eb240

SHA512
9fd9290ea27ce5f8b4f58901188037b1eee7a9c9084ad0a937eeb686216fe2e4971209c26361da876634e50723404afe4d8e3654935b1dad7f3119eb1d2d598f

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javap.exe

Filesize
1.4MB

MD5
47de4fc48c0fc4f0a75f945a41db156b

SHA1
2ccf4f04d993da8615962d6905dfe446fcdba1d8

SHA256
ae0b2d560b58f0039ec587efb9f4bd97c86e81a0ba22791619651ab6704f0df2

SHA512
99e8fbfd82362b8fd9888cd66c0bfb82eeb3ca897c8650bcad5e8de79d8ec55a01d08f2cb420a070447b971f17931f1bcf4c1f0367aa3290ebac6596a14b7e5e

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

Filesize
1.6MB

MD5
719efaa40b7cd516541fa8073dd4dca2

SHA1
07360ef5b912d82f12ca9ac1d354dec80062fc42

SHA256
96b5fcd147ad713668867126f8ad0d50a6113fbef3a01cf0505127999f2a52f5

SHA512
30759398b248eb3e1a999b03bad423377c6bd5dd8c3595ba703548ad4b7c7d2c6b9078588ee236d0819f02982bf7b2d25cb320dcbbf4b9ca5d08c6b775fe2396

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe

Filesize
1.7MB

MD5
811389cf3dd88193db873906ce3f8c2d

SHA1
54fbf79d4690882ac733dec76aa1ebb8e2951e2c

SHA256
7428723003ea9c4383a87232ca589d82866e6e5451e466aedaca8e72ef889916

SHA512
813598ffe1bd656355c5f4641de7260369bbaa558d505380ed7f347e73776d3a932df265342cc843f1263ec97f4873ee5e471fc992e9f064bfa462de55fcb40b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe

Filesize
1.9MB

MD5
4f68c09d2ce576822bfe99964e36ee5f

SHA1
c1eeb85fcd6160d3191fcb80a76c0512ff852ce2

SHA256
32915519eb8bda93fdeb997e59aaa14f69e92be3e6e242e495b5272cda14accd

SHA512
75f9fe5c8605a10358c6671a06ff4a133853964d4c1a4ae17c3b8699d1d79e4a6bc85f447a83619324a725f7a4b9530060da33999c30ebd83bb121bba6081d01

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

Filesize
1.4MB

MD5
68ec2c87ede559637dea099db566c0a2

SHA1
d125fd62d606520a885c7f38693c555f85d3f0f6

SHA256
05252779c5a988ab7620460d6e0718f13f9cf4472f070159214c0e93addcc9a2

SHA512
054587bfae964ac220dff371b3997c6f25bd4067def893c7e102fdb9d2f706a8fb88504e673a461f7b7d14ad92a1990860fe4c5ccce206ee14ee00162c8611f2

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

Filesize
1.4MB

MD5
8d6f1a52015df141da0285cf34d38dfd

SHA1
6915c8ca59161e9a690bfb0e151f867758ae6e49

SHA256
836a57ef4a67f8c18b0d15b86f54adb986358d6fa857e0ef52c03ebb5dc7c6a9

SHA512
8873aebf1caa8ea47d8f7e6a0fd5a8612fcc2e750dff019a356ba74ace3c1747c55aca95419e7e9e1bbc8f7759d721dcf69c8dbb8309652d378339992ed774fb

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
1.6MB

MD5
fe5b1a0871be4ebb188d063bb5caaaa3

SHA1
6ae504d502ba15737ddbf12a7af4d0e2c8aff5ad

SHA256
4d63abf6cadac80bc34b0c4e5f005a75efdeab72b39b8ebd1a4265bc673e5eb3

SHA512
a06bc7bcfc2ec4f5ce36eff5a4f2a8b18c8048afe5f5f8fee87ce20a30f7b8ec0f67026ae1983b49596933af21afeb076ee3632a7c7b261ebcc40b2d53a58454

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
1.4MB

MD5
74512961a5e732791e188978289c9674

SHA1
58d805ea6e3193937f4e094c7a8f500744e7896b

SHA256
9aaf14334f6ea6ce58b03af9067ae974c714ecab3fd8a40b5b0bbacca5b49e3b

SHA512
83d1da79be78a258ccd0a7e56afffd6bd78bb5c30a97087db994cb5cb4c0607c65d87b41a56b36a5ccb5330069b24b1d7b684003bf1c2a74020fb34248d909d6

Download Submit
C:\Windows\System32\AgentService.exe

Filesize
1.7MB

MD5
1065d2ac4c14596c4588ddc7d54c1fee

SHA1
ac3ef1d9b379c6dfd3f1d05ba4d11a9c97aab370

SHA256
4be8589da0939675473c61e01a8289b18dcfd9a2c250ae400391cefb349e8f87

SHA512
4aeba285a72257098b63bf4ff1df37b5134b3ea713da0a60733b8f727609b1d4dc53b2808f46408d9bfa9e6196d1ee28b58a211bd6e7ddb315218bc6adfc8e15

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
1.5MB

MD5
79c6f0118a8058a65f81e93b2f2728b7

SHA1
c29c5273660793effac03e8e3299af42d422feea

SHA256
3b158576c32b3499bead136c1e297c901ff9a70b0a9260fcb81d6b05e43de5e2

SHA512
b3c76f6d49597237f5e5d0cf4a7be4e8eeccff8c6aa5ea54479e56647294aa901122aaafee2e3842bea3db7d2090c117dd6a3739421f4eaaaf819c789ec21a0b

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
1.2MB

MD5
2349ec9196d3b428d09b3cbc33041026

SHA1
3c3d9e6b2693584a9332f364da3a8a63f5d0f6a8

SHA256
9501a5762e5e7654421f11b3fbb82e3a5661c096f0935d87a93cba1d4cebdbd1

SHA512
a2e9b0962ff942cf6b9bb9f71eec005859b35162c832022255a61d3c72b89ab123b270a8767e1299b7956930c9deaefba51232d95cd312d32befb9c921217792

Download Submit
C:\Windows\System32\Locator.exe

Filesize
1.4MB

MD5
1c69501c1b4fcca471d98a93dde0d9dc

SHA1
57a79b5ae1de8d86f5e03c662bed82ced3f83097

SHA256
5a2d01c16cb03d807b7592493be4a36ef049e7093992f766e6f7cbf9f34f3c10

SHA512
8b8f82c3e0ad26be406434016fa9a2c82535982aa9c74380e9c5e9b2339a60f555cd46188462f169109dd751710c25e08ec32109378ab88cb9a3cc2ffcd8234a

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
1.8MB

MD5
9017ab3b729d902022b87ef81055f3b0

SHA1
123e736a4d2cc4f0a70a4983ab8acdc3d16ec306

SHA256
3c1eda7aea8a825de60e5638e3ad311130470844d348a252a9716c3049ddcdef

SHA512
275fabd8073c8660bb9370d6b7e9e44e55ba4dc6b282b65933e36f962ba13ca1bca1124aa2e1dd5f404defeb8fbc92c7d22b6ac99f0bb29ee6a0cd715c53fa11

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
1.5MB

MD5
35fb71224a651cd3d2b856dbe4bd24b6

SHA1
5531f621c05270acca6b26637c733dd5c037ea68

SHA256
f910b1010d2d5372be04bbd33cabd874809dc80fcdc20f21b71f998f25d210a0

SHA512
2bc403d4df18cd7632cee386cd1e0123fc48724d0de4d841d34dfdd5c0d78e64c26e57f4260686ab1ee6b8b6d4b36d6f7e710f314f266b0a6836c957cbb72487

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.8MB

MD5
a5e15c118f1d64ff63c474f0eb0a3527

SHA1
70f6c70cf43663182b77df215551061438868d3c

SHA256
bd72bbbd4ae35c68b87b5bdc1f7475544ab2786c9ea3a9e363954bf78ddecd52

SHA512
44ce273e60edd8888116b53ac6f1f27962534e47df1fa7f00f3efe20c52cb64a85250faace7d5d49475985a5cd428cb5f2576e530e22ad89a5e6b9f5d5dcb864

Download Submit
C:\Windows\System32\Spectrum.exe

Filesize
1.4MB

MD5
3936633e7ca4673fb330298ea7d2cc5a

SHA1
bd6e3ab9a8e1fe8a04e07391aae53db1ea5e7ba7

SHA256
59d682858ef082cb1be36710a7ad33ab16f43cc87a22d0a8e8d4461785d1f68c

SHA512
aa94604a5847ff87dec1167adcea4ed32b48f4af7e7b1122208d2ee858f5d8dfde96cc67efb95693535cef307cd521c1fd386c5c9e9844298d89f56848d31c6f

Download Submit
C:\Windows\System32\TieringEngineService.exe

Filesize
1.7MB

MD5
c6b1e1620cdfc54522e414ba61ce4706

SHA1
c0e358d2262cfc03990bbfcfdc9465e86d448b40

SHA256
56e6d33af2060e17ca2ac1b52303da6b0799e106072e13a1657e295cbece1006

SHA512
5f499392e6cf72db57b29684dec953be5f06c347e428eb2e1d29304a14d0e32af4ca98b45c6320d33772509ca5b4d62bfe1ae2cfb3935597c6d49924be254a23

Download Submit
C:\Windows\System32\VSSVC.exe

Filesize
2.0MB

MD5
ae6883f3e0e5778570a193b43ff8f248

SHA1
b3048576b053ead7907736525b6b54a5284c6924

SHA256
522e1c5cc101deb13e5e7e0489048f1fe778f8d57efd731494dddaf2173cc675

SHA512
eceddbea237a6629c212671fbb035c66535bc119e7fc7f0f6c7c4f0cc8aa3c07d0af0bbbff4e5dfb05f15f71990403f3149d3157c465468c5727beedee758c1a

Download Submit
C:\Windows\System32\alg.exe

Filesize
1.5MB

MD5
5f16a5addf4dbf5c056966f2995261c2

SHA1
94da9ccd074ae32453ad75d56f32f7430f864fc5

SHA256
cfe2b947c3b64104b2f1cb36da48703135ea4a5869a40e6543808f32b68dc6ac

SHA512
074846b92d934fd9e41b6d2cc0021a7a2a0bae95ba048b901e70f3fc0079a7902011f55bc74829a76bafa4de1a272c37a0d57e7ec94b51244b32cb9102008d6e

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
1.6MB

MD5
ccc14aea87882988ff0be26c3eafce06

SHA1
5c9b4029b9e696778274c9b8ab17f5c28fd5080f

SHA256
289d917173ce840d3ef52f217641563cf006575e4b027ae7ea5ea0414c886d59

SHA512
aea1b42d8810ff0cb2d93f80932ac0587af8d24a2bd807c83a4be63cf8413bf59b6c68c8247e36a44cbfd799aad23ffa222a89d38e6a2495ab96014d2d3c6d2d

Download Submit
C:\Windows\System32\snmptrap.exe

Filesize
1.4MB

MD5
70cd86837b42998546cd089acf3e05fe

SHA1
a9ff9fb77f779d9317dc60b9c79427c51a484fbc

SHA256
d2c4e7f01c072b63cd24e2832606a93796f7f9f8fa705d7ce44e023152430ff2

SHA512
61ae19dcf8bacb19f066289d3c5c8abdb695357888c09dd3a7d5df5409fd3e65ba957136de091d0f7552fbf7258327ce7b9c8b7da9a56336dcb7183bc6854353

Download Submit
C:\Windows\System32\vds.exe

Filesize
1.3MB

MD5
c27fc0764ba1d1e19629dfaeb51f3ff7

SHA1
622d647439dbb69b22ef472250c817a873868022

SHA256
5f938e2ba6c741c775821e75a2b996a0d03d8b397701607121e313ce887e4d8e

SHA512
86c0a7fd1e935cf424c68daa1cb020a684cc29b4900e5e84ff79daaf807758763d809ca8f2fc5d67dcb4730fb6c4c98265614459b7644a03811ee0cd270e08a3

Download Submit
C:\Windows\System32\wbem\WmiApSrv.exe

Filesize
1.6MB

MD5
0faa19c8502172a6f3a9a1fbc59a0afb

SHA1
81b3104056ae7dfda47dc74d56f80415074840ad

SHA256
826a3c1ef094035e6bfd728e4a1f4be264ea0747c232f329d5c47b4b47b93178

SHA512
4de468a889a765519201773760ecb14b4b1f5f3d4cd305406e7943086cbfd5b9f1698f1d1f6127db6bb4b42c709675eac70213e0981c28ee52cae9e84fc71c0d

Download Submit
C:\Windows\System32\wbengine.exe

Filesize
2.1MB

MD5
b54011fcf5399c30a459493727591ea1

SHA1
72d1505c3065a14563c7e6ca8bac1e7c78d83d7d

SHA256
0099f2fb69b7196b5387ed464ca530582c1650078bb95b597cc48c2610d9df86

SHA512
b4f884f1223effa806d0f462ef91aa51a42d7fe6e52fd2862e45f8c3580f1acc770c4897fd828b0e21367882e3a97a01b26ec707a6f53d4130beb34c1835a69d

Download Submit
C:\Windows\system32\AppVClient.exe

Filesize
1.3MB

MD5
0936567611a0a86bc6e160df177391e2

SHA1
7aeebdd30dcc9957b7703dce02160b6bf204ab46

SHA256
77987fcbd8121436085aeb5b2fd242cba3b91e704bb6fc4c24bd02336ed2d204

SHA512
844d9cfb968717619a1a810ec6dd6430d94a1b97c5090664d99df179a280adefcbf72162516a5f0e8072e0d5ec062017e3e0a58082f5966fe2ff4b0b4cc3ff79

Download Submit
C:\Windows\system32\SgrmBroker.exe

Filesize
1.7MB

MD5
b319c3f6e57a6d279128e21b58bbbc8e

SHA1
e1e1b391f3f8b539ac7433735ef71e6e1e39d649

SHA256
24256f20b7737ebe97f415a0bed5603e6ce0bc4997123f5aa6850f1257a3009c

SHA512
b7bd3a971a52b222bbebd1816ceb5a3d5d0d8458354c7c2795e58abe5160c18a9f0ef4c7b628ac6a186718db87d9c2415bb7ab7f3c5adee0b4fe746f5cf92d7e

Download Submit
C:\Windows\system32\msiexec.exe

Filesize
1.5MB

MD5
eaccf006396e30a8995a1ed566d58ea8

SHA1
5d82347599130a883062efcb465dfd3974b990f3

SHA256
92993e19a27d9697eb491521a52f9d4add0751d870086c5245c45b876be64a23

SHA512
d82e0929c73303c31ab57eca3556120b0e57a7feba133ac12d15b0496640b9c8b95b6d27ea8e64014db3e29b254862baa78b505b3a0d5d476fc59afedb9e770d

Download Submit
memory/612-278-0x0000000000A10000-0x0000000000A70000-memory.dmp

Filesize
384KB

Download
memory/612-270-0x0000000140000000-0x00000001401E2000-memory.dmp

Filesize
1.9MB

Download
memory/612-337-0x0000000140000000-0x00000001401E2000-memory.dmp

Filesize
1.9MB

Download
memory/748-144-0x0000000140000000-0x000000014018A000-memory.dmp

Filesize
1.5MB

Download
memory/748-58-0x0000000000740000-0x00000000007A0000-memory.dmp

Filesize
384KB

Download
memory/748-12-0x0000000000740000-0x00000000007A0000-memory.dmp

Filesize
384KB

Download
memory/748-13-0x0000000140000000-0x000000014018A000-memory.dmp

Filesize
1.5MB

Download
memory/888-294-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/888-600-0x0000000000700000-0x0000000000760000-memory.dmp

Filesize
384KB

Download
memory/888-599-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/888-236-0x0000000000700000-0x0000000000760000-memory.dmp

Filesize
384KB

Download
memory/888-230-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/916-296-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/916-303-0x0000000000C10000-0x0000000000C70000-memory.dmp

Filesize
384KB

Download
memory/916-309-0x0000000000C10000-0x0000000000C70000-memory.dmp

Filesize
384KB

Download
memory/916-308-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/976-152-0x0000000001A40000-0x0000000001AA0000-memory.dmp

Filesize
384KB

Download
memory/976-153-0x0000000001A40000-0x0000000001AA0000-memory.dmp

Filesize
384KB

Download
memory/976-147-0x0000000140000000-0x00000001401AF000-memory.dmp

Filesize
1.7MB

Download
memory/976-145-0x0000000001A40000-0x0000000001AA0000-memory.dmp

Filesize
384KB

Download
memory/976-158-0x0000000001A40000-0x0000000001AA0000-memory.dmp

Filesize
384KB

Download
memory/976-159-0x0000000140000000-0x00000001401AF000-memory.dmp

Filesize
1.7MB

Download
memory/2016-282-0x0000000140000000-0x0000000140175000-memory.dmp

Filesize
1.5MB

Download
memory/2016-224-0x0000000000710000-0x0000000000770000-memory.dmp

Filesize
384KB

Download
memory/2016-215-0x0000000140000000-0x0000000140175000-memory.dmp

Filesize
1.5MB

Download
memory/2020-325-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download
memory/2020-334-0x00000000007B0000-0x0000000000810000-memory.dmp

Filesize
384KB

Download
memory/2084-162-0x0000000140000000-0x0000000140189000-memory.dmp

Filesize
1.5MB

Download
memory/2084-93-0x00000000006B0000-0x0000000000710000-memory.dmp

Filesize
384KB

Download
memory/2084-101-0x00000000006B0000-0x0000000000710000-memory.dmp

Filesize
384KB

Download
memory/2084-94-0x0000000140000000-0x0000000140189000-memory.dmp

Filesize
1.5MB

Download
memory/2260-211-0x0000000000870000-0x00000000008D7000-memory.dmp

Filesize
412KB

Download
memory/2260-268-0x0000000000400000-0x0000000000577000-memory.dmp

Filesize
1.5MB

Download
memory/2260-205-0x0000000000400000-0x0000000000577000-memory.dmp

Filesize
1.5MB

Download
memory/2312-171-0x0000000000D60000-0x0000000000DC0000-memory.dmp

Filesize
384KB

Download
memory/2312-227-0x0000000140000000-0x0000000140199000-memory.dmp

Filesize
1.6MB

Download
memory/2312-161-0x0000000000D60000-0x0000000000DC0000-memory.dmp

Filesize
384KB

Download
memory/2312-164-0x0000000140000000-0x0000000140199000-memory.dmp

Filesize
1.6MB

Download
memory/2456-290-0x0000000000880000-0x00000000008E0000-memory.dmp

Filesize
384KB

Download
memory/2456-284-0x0000000140000000-0x00000001401C2000-memory.dmp

Filesize
1.8MB

Download
memory/2456-351-0x0000000140000000-0x00000001401C2000-memory.dmp

Filesize
1.8MB

Download
memory/2648-186-0x00000000004F0000-0x0000000000550000-memory.dmp

Filesize
384KB

Download
memory/2648-241-0x0000000140000000-0x00000001401AF000-memory.dmp

Filesize
1.7MB

Download
memory/2648-180-0x0000000140000000-0x00000001401AF000-memory.dmp

Filesize
1.7MB

Download
memory/2664-358-0x0000000000650000-0x00000000006B0000-memory.dmp

Filesize
384KB

Download
memory/2664-353-0x0000000140000000-0x00000001401A6000-memory.dmp

Filesize
1.6MB

Download
memory/3184-321-0x0000000000BC0000-0x0000000000C20000-memory.dmp

Filesize
384KB

Download
memory/3184-313-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/4164-7-0x0000000000C80000-0x0000000000CE7000-memory.dmp

Filesize
412KB

Download
memory/4164-435-0x0000000000400000-0x00000000005CD000-memory.dmp

Filesize
1.8MB

Download
memory/4164-133-0x0000000000400000-0x00000000005CD000-memory.dmp

Filesize
1.8MB

Download
memory/4164-0-0x0000000000400000-0x00000000005CD000-memory.dmp

Filesize
1.8MB

Download
memory/4164-6-0x0000000000C80000-0x0000000000CE7000-memory.dmp

Filesize
412KB

Download
memory/4164-1-0x0000000000C80000-0x0000000000CE7000-memory.dmp

Filesize
412KB

Download
memory/4440-324-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/4440-264-0x0000000000770000-0x00000000007D0000-memory.dmp

Filesize
384KB

Download
memory/4440-257-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/4480-128-0x0000000000C90000-0x0000000000CF0000-memory.dmp

Filesize
384KB

Download
memory/4480-191-0x0000000140000000-0x000000014024B000-memory.dmp

Filesize
2.3MB

Download
memory/4480-119-0x0000000000C90000-0x0000000000CF0000-memory.dmp

Filesize
384KB

Download
memory/4480-120-0x0000000140000000-0x000000014024B000-memory.dmp

Filesize
2.3MB

Download
memory/4496-200-0x0000000000BD0000-0x0000000000C30000-memory.dmp

Filesize
384KB

Download
memory/4496-194-0x0000000140000000-0x000000014018B000-memory.dmp

Filesize
1.5MB

Download
memory/4496-254-0x0000000140000000-0x000000014018B000-memory.dmp

Filesize
1.5MB

Download
memory/4512-339-0x0000000140000000-0x0000000140216000-memory.dmp

Filesize
2.1MB

Download
memory/4512-346-0x0000000000520000-0x0000000000580000-memory.dmp

Filesize
384KB

Download
memory/4612-113-0x0000000000D70000-0x0000000000DD0000-memory.dmp

Filesize
384KB

Download
memory/4612-106-0x0000000000D70000-0x0000000000DD0000-memory.dmp

Filesize
384KB

Download
memory/4612-105-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/4612-122-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/4612-117-0x0000000000D70000-0x0000000000DD0000-memory.dmp

Filesize
384KB

Download
memory/4784-132-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/4784-203-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/4784-135-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/4784-140-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/4844-244-0x0000000140000000-0x0000000140176000-memory.dmp

Filesize
1.5MB

Download
memory/4844-311-0x0000000140000000-0x0000000140176000-memory.dmp

Filesize
1.5MB

Download
memory/4844-251-0x0000000000700000-0x0000000000760000-memory.dmp

Filesize
384KB

Download